[Figure: block diagram showing END USER STATION-1, END USER STATION-2, PROXY-1 and PROXY-2. Reference numerals: 12, 14, 18.]

FIG 1



[Figure: flowchart]

END USER STATION-1 PICK
COMPUTE $g^{x_1}$
ENCRYPT $g^{x_1}$ WITH PASSWORD $PW_1$
GENERATE CHALLENGE $c_1$ to END USER STATION-2
GENERATE CHALLENGE $r_{11}$ to PROXY-1
ENCRYPT $g^{x_1}$ with $PW_1$ AND SEND $PW_1(g^{x_1})$, $c_1$, AND $r_{11}$ to PROXY-1

FIG 2



[Figure: flowchart]

PROXY-1 RECEIVES $PW_1(g^{x_1})$, $c_1$, and $r_{11}$
DECRYPT $PW_1(g^{x_1})$
STORE $g^{x_1}$ AND $r_{11}$
PICK SECRET $y_1$ and COMPUTE $g^{x_1 y_1}$
CONCATENATE $g^{x_1 y_1} \| c_1$
DIGITALLY SIGN $g^{x_1 y_1} \| c_1$
RETRIEVE PROXY-1's CERTIFICATE CERT-1
SEND SIGNED $g^{x_1 y_1} \| c_1$, CERT-1 to PROXY-2

FIG 3



[Figure: flowchart. Reference numerals: 46, 54, 56, 58.]

PROXY-2 RECEIVES SIGNED $(g^{x_1 y_1} \| c_1)$ and CERT-1
PICK SECRET $y_2$ and $u_2$ AND COMPUTE $g^{x_1 y_1 y_2}$, $g^{u_2}$
ENCRYPT WITH $PW_2$ $g^{x_1 y_1 y_2}$ and $g^{u_2}$
GENERATE CHALLENGE $r_{22}$ to END USER STATION-2
ERROR MESSAGE
SEND $PW_2(g^{x_1 y_1 y_2})$, $r_{22}$, $c_1$ to END USER STATION-2

FIG 4



[Figure: flowchart. Reference numerals: 62, 64, 66, 68, 70.]

END USER STATION-2 USE $PW_2$ TO DECRYPT $g^{x_1 y_1 y_2}$, $g^{u_2}$
END USER STATION-2 PICKS $x_2$
COMPUTE SESSION KEY $K = g^{x_1 y_1 y_2 x_2}$ AND $K_2 = g^{u_2 x_2}$
CHALLENGE $r_{21}$ TO PROXY-2 AND $c_2$, CHALLENGE to END USER STATION-1
SEND $K_2(r_{22} \| r_{21})$ TO PROXY-2
SEND $K(c_2 \| c_1)$ TO PROXY-2
SEND $g^{x_2}$ TO PROXY-2

FIG 5



[Figure: flowchart. Reference numeral: 76.]

PROXY 2 COMPUTES $K_2 = g^{u_2 x_2}$
DECRYPT $K_2(r_{22} \| r_{21})$
ERROR MESSAGE
SEND SIGNATURE OF $g^{x_2 y_2}$ and CERTIFICATE-2
SEND $K(c_2 \| c_1)$ TO PROXY-1

FIG 6



[Figure: flowchart. Reference numerals: 90, 92, 94, 96, 98, 100.]

VALID DIGITAL SIGNATURE?
YES:
SELECT SECRET $u_1$ AND COMPUTE $g^{u_1}$
COMPUTE $(g^{x_2 y_2})^{y_1}$
COMPUTE $K_1 = g^{x_1 u_1}$
DECRYPT $K_1(r_{11} \| r_{12})$
SEND $K(c_1 \| c_2)$, $K_1(r_{11} \| r_{12})$ TO END STATION-1
NO:
ERROR MESSAGE

FIG 7



[Figure: flowchart. Reference numerals: 102, 104, 106, 110.]

COMPUTE $K_1 = (g^{u_1})^{x_1}$, $K = (g^{y_1 x_2 y_2})^{x_1}$
DECRYPT CHALLENGES $K(c_2 \| c_1)$, $K_1(r_{11} \| r_{12})$
SEND $K_1(r_{12})$ to PROXY-1, $K(c_2)$ to STATION-2
NO: ERROR MESSAGE

FIG 8



[Figure: block diagram showing END STATION 2 "DESK TOP COMPUTER", PROXY, and END STATION 1 "HANDHELD DEVICE". Reference numerals: 112, 113, 114, 116.]

FIG 9



[Figure: flowchart. Reference numerals: 118, 120, 122, 124, 126, 128.]

HAND HELD DEVICE SELECTS $x_1$ and $g$
CALCULATES $g^{x_1}$
ENCRYPTS $g^{x_1}$ with PASSWORD $PW_1$
GENERATES CHALLENGE $c_1$ TO DESK TOP COMPUTER
GENERATES CHALLENGE $r_{11}$ TO PROXY
TRANSFER $PW_1(g^{x_1})$, $c_1$, and $r_{11}$ to PROXY

FIG 10



[Figure: flowchart. Reference numerals: 130, 132, 134, 136, 138, 140, 142.]

PROXY RECEIVES $PW_1(g^{x_1})$, $c_1$, and $r_{11}$
DECRYPTS $PW_1(g^{x_1})$
PICKS SECRET $y_1$, COMPUTES $g^{x_1 y_1}$
CONCATENATES $g^{x_1 y_1} \| c_1$
SIGNS $g^{x_1 y_1} \| c_1$
RETRIEVES CERTIFICATE
TRANSMITS SIGNED $g^{x_1 y_1} \| c_1$ AND CERTIFICATE TO DESKTOP COMPUTER

FIG 11



[Figure: flowchart. Reference numerals: 144, 148, 149, 150, 152.]

DESK TOP RECEIVES FROM PROXY SIGNED $g^{x_1 y_1} \| c_1$ and CERTIFICATE
DESK TOP COMPUTER SELECTS $x_2$
DESK TOP COMPUTER COMPUTES $K = (g^{x_1 y_1})^{x_2}$
DESK TOP COMPUTER SIGNS $g^{x_2}$
DESK TOP COMPUTER SENDS SIGNED $g^{x_2}$, CERTIFICATE, and $K(c_1 \| c_2)$ TO PROXY
ERROR MESSAGE

FIG 12



[Figure: flowchart. Reference numerals: 154, 162.]

ERROR MESSAGE
PROXY SELECTS $u$ AND $r_{12}$, COMPUTES $g^{u}$ AND $K_1 = (g^{x_1})^{u}$
PROXY SENDS $K(c_1 \| c_2)$, $K_1(r_{11} \| r_{12})$, $g^{x_2 y_1}$, and $g^{u}$ TO HAND HELD DEVICE

FIG 13



[Figure: flowchart]

HAND HELD RECEIVES $g^{u}$, $g^{x_2 y_1}$, AND $K(c_1 \| c_2)$
CALCULATES END-TO-END SESSION KEY $K = (g^{x_2 y_1})^{x_1}$, AND LOCAL SESSION KEY $K_1 = (g^{u})^{x_1}$

FIG 14



[Figure: flowchart]

DESK TOP COMPUTER SELECTS $g$, END-TO-END CHALLENGE $c_1$, SECRET NUMBER $x_1$
SIGN $g^{x_1} \| c_1$
SENDS SIGNED $g^{x_1} \| c_1$ AND ITS CERTIFICATE TO PROXY

FIG 15



[Figure: flowchart. Reference numerals: 170, 178.]

PROXY SELECTS $u$, $y_2$, $r_{22}$; CALCULATE $g^{u}$, $g^{x_1 y_2}$
PROXY SENDS $PW_2(g^{u})$, $PW_2(g^{x_1 y_2})$, $r_{22}$, and $c_1$ to HAND HELD DEVICE
ERROR MESSAGE

FIG 16



[Figure: flowchart]

HAND HELD SELECTS SECRET NUMBER $x_2$
HAND HELD CALCULATES $g^{x_2}$
HAND HELD CALCULATES $K = (g^{x_1 y_2})^{x_2}$, and $K_2 = (g^{u})^{x_2}$
HAND HELD PICKS $r_{21}$, SENDS TO PROXY $g^{x_2}$, $K_2(r_{22} \| r_{21})$, and $K(c_1 \| c_2)$
PROXY CALCULATES $(g^{x_2})^{y_2}$
PROXY SIGNS $g^{x_2 y_2}$ AND RETRIEVES ITS CERTIFICATE
PROXY SENDS SIGNED $g^{x_2 y_2}$, $K(c_2 \| c_1)$, AND ITS CERTIFICATE TO DESK TOP COMPUTER

FIG 17



[Figure: flowchart. Reference numeral: 194.]

DESK TOP COMPUTER RECEIVES SIGNED $g^{x_2 y_2}$, CERTIFICATE, AND $K(c_2 \| c_1)$




